Skip to content

HITL tests: CAN error resilience (SPI lockup repro)#2369

Open
adeebshihadeh wants to merge 7 commits intomasterfrom
canerr
Open

HITL tests: CAN error resilience (SPI lockup repro)#2369
adeebshihadeh wants to merge 7 commits intomasterfrom
canerr

Conversation

@adeebshihadeh
Copy link
Copy Markdown
Contributor

@adeebshihadeh adeebshihadeh commented Mar 7, 2026

Summary

  • Add HITL tests that induce CAN errors (speed mismatch, bus-off) and verify the panda stays responsive over SPI
  • Tests reproduce a suspected bug where CAN error interrupts can starve SPI, causing the panda to appear locked up from the SPI master's perspective
  • CI temporarily set to only run these new tests for faster iteration

Test cases

  • test_spi_responsive_during_can_errors: Speed mismatch flood from jungle, assert SPI health responses have <250ms gaps
  • test_spi_responsive_during_bus_off: TX with no ACK → bus-off, assert SPI stays responsive
  • test_sustained_error_storm: 15s sustained CAN errors, measure SPI response gaps (avg/p95/max)
  • test_can_recovery_after_errors: After errors, fix speeds and verify normal CAN resumes
  • test_no_faults_during_errors: CAN errors should not trigger interrupt rate faults

Suspected root causes

  1. can_clear_send()llcan_init() does blocking busy-waits (up to 500ms) inside a CAN RX ISR, starving SPI
  2. CAN error interrupt flags cleared based on stale IR snapshot, causing re-fire storms

Test plan

  • Run on HITL (tres + cuatro) to see which tests fail and how often
  • Use failure stats to validate the fix

🤖 Generated with Claude Code

adeebshihadeh and others added 7 commits March 7, 2026 10:15
@adeebshihadeh @claude
add HITL tests for CAN error -> SPI lockup
4e32d97 
Tests that the panda stays responsive over SPI when CAN
error conditions occur (speed mismatch, bus-off, sustained
error storms). Validates recovery after errors and checks
that interrupt rate faults aren't triggered.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@adeebshihadeh @claude
CI: only run CAN error tests for faster iteration
a38df4f 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@adeebshihadeh @claude
fix linter ISC002: avoid implicit string concatenation
1d488aa 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@adeebshihadeh @claude
fix E501 line too long
bbce182 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@adeebshihadeh @claude
handle SPI lockup gracefully, disable xdist for HITL
591a5f2 
- Catch PandaSpiException instead of crashing test runner
- Disable pytest-xdist (tests share one panda)
- Report lockup as assertion failure with stats

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@adeebshihadeh @claude
fix linter ISC002, use -o addopts= to disable xdist
8c8de7d 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@adeebshihadeh
cleanup
0d068c6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@adeebshihadeh